X-Spam-Check-By: sourceware.org
To: cygwin AT cygwin DOT com
From: Shankar Unni <shankarunni AT netscape DOT net>
Subject:  Re: Puzzling local share permissions problem with ssh sessions on   Win2K3
Date:  Tue, 01 May 2007 11:54:32 -0700
Lines: 38
Message-ID: <f182d9$5sr$1@sea.gmane.org>
References:  <f0tr37$ae2$1 AT sea DOT gmane DOT org> <033001c78996$73b09300$2e08a8c0 AT CAM DOT ARTIMI DOT COM> <f15hfc$463$1 AT sea DOT gmane DOT org>
Mime-Version:  1.0
Content-Type:  text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding:  7bit
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.5.666
In-Reply-To: <f15hfc$463$1@sea.gmane.org>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Shankar Unni wrote:
> Dave Korn wrote:
> 
>> cygcheck.out: CYGWIN = 'ntsec'
>>   Perhaps you need smbntsec as well?
> 
> Thanks! That did it..

Alas, that didn't *quite* do it.

I finally figured out that I had to uninstall and re-install 
(ssh-host-config) the sshd service, with CYGWIN=ntsec smbntsec.  The 
permissions on files look OK now, but there's still a problem:

My login groups are incomplete. When logged in via remote desktop, my 
groups are:

$ id
uid=13555(sunni) gid=11552(etdev) groups=544(Administrators),555(Remote 
Desktop Users),545(Users),16244(BusinessSignatures e),16487(Development 
Organiza),16381(DL- Global Employees),10513(Domain 
Users),16562(EntrustEmp),11552(etdev),11269(RAS-VPN 
Users),14162(RWC-Remote Users),11284(Terminal Server Users)

But when logged in via sshd, my groups are:
$ id
uid=13555(sunni) gid=11552(etdev) groups=544(Administrators),555(Remote 
Desktop Users),545(Users),11552(etdev)

Basically, all my CORP domain group memberships are missing except my 
primary login group (the user is a CORP domain user, as is the etdev 
group). Notice the missing groups with ids > 10000..

(This causes all sorts of subtle permissions problems on certain files 
with more restrictive ACLs. Like all my ClearCase views :-/).

How do I get my sshd login session to contain all the Domain group 
memberships as well?


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/